Reputation: 21465
Google Chrome, Same-Origin Policy killing Tampermonkey script
I have a script done by myself that uses jQuery Ajax functions to log some data from a web page when I access it. It takes some info and sends it to my local Apache host to save in a text file.
It worked for months, but I now getting an error related with this Same-Origin Policy(I know how it works and its purpose) and the browser is now ending the script execution showing this message:
The page at https://www.website.com/ displayed insecure content from
http://127.0.0.1:8081/whatever.php
Followed by this:
Refused to connect to connect 'http://127.0.0.1:8081/whatever.php?arguments=1' because it
violates the following Content Security Policy directive: "connect-src
https://www.website.com/* https://*.website.com/
https://*.website.net xhr: error: SECURITY_ERR: DOM Exception 18
That last domain is colored in red on the error message. A curious detail is that on the JavaScript code on Tampermonkey I have the @includes of those domains but not the red marked domain. I've added it and tested, but didn't work.
Every discussion I've found on Google tells how to disable this policy but in case that you're developing an extension, that is not my case.
This code will just run in my machine, I didn't have the intention to distribute it in any way so any solution will be appreciated, even if the solution is to change browser configuration directly.
If this' useful, I'm using Windows 7.
Upvotes: 2
Views: 3392
Answers (3)
Reputation: 1080
Tampermonkey Beta fixed its GM_xmlHttpRequest to be independent from the page's CSP.
Unfortunately it can not fix jQuery AJAX requests cause it doesn't have a clue what sites are going to be contacted.
If the page you're contacting is Facebook, then the CSP is sent only to Chrome 21-23, but not Chrome 24. So you can use Tampermonkey's @user-agent tag to simulate Chrome 24.
Upvotes: 6
Reputation: 2647
You do not need anything from above. All you have to do in your ajax call is to add
script.php?callback=?&your_parametars_here
and in php file you just have to add this when retrieving data:
echo $_GET['callback'].$your_data_here
thats all!
Upvotes: 1
Related Questions
- How can I achieve cross-origin userscript communication?
- Jquery with Tampermonkey
- Tampermonkey in Chrome - How to use jquery without affecting the website at all
- Script ok with Greasemonkey but does not work with Tampermonkey. Is it because of jQuery $.get?
- Script works in Greasemonkey, but nothing happens in Tampermonkey?
- tampermonkey script stops working if I change the page
- Userscript works in Tampermonkey on Chrome but not in Greasemonkey on Firefox
- require jQuery to a safe variable in Tampermonkey script and console
- Tampermonkey/Greasemonkey only running in iframes
- Script doesn't work without TamperMonkey